From oss-security  Sun Jun 22 21:58:45 2014
From: David Faure <faure () kde ! org>
Date: Sun, 22 Jun 2014 21:58:45 +0000
To: oss-security
Subject: Re: [oss-security] KMail/KIO POP3 SSL MITM Flaw
Message-Id: <8045295.6nhngL7M2C () asterix>
X-MARC-Message: https://marc.info/?l=oss-security&m=140347435323251

On Sunday 22 June 2014 21:47:50 Richard Moore wrote:
> > I'm not sure whether to interpret the 'Versions' line in the advisory
> > as "bug was introduced at kdelibs 4.10.95"

Yes, this is what
"Versions:       kdelibs 4.10.95 to 4.13.2"
means.

The file usernotificationhandler.cpp was introduced in 4.10.95
(for the fix for bug 154100 and 265228)

Before that, SlaveInterface handled the messagebox request itself, with no 
need for a job pointer.

> There is an IBM ISS report [3] which implies the bug affects at least
> kdelibs 4.6.x ....

No idea where they got that from.... I cannot confirm this.

-- 
David Faure, faure@kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5